123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331 |
- Sun 28 May 2023 18:00:00 MSK
- Released GNU libmicrohttpd 0.9.77. -CG
- This is mostly a bugfix release.
- This version created by taking patches from the current development
- branch and back-porting them on top of version 0.9.76.
- The most notable changes are: some improvements for Digest and Basic
- authorizations, fixed efficiency for TLS upgraded connections, fixed
- processing of folded headers in requests, fixed functionality with
- blocking sockets, improved and fixed internal test-suite.
- The more detailed list of the important changes:
- API changes:
- + Added new function MHD_get_version_bin().
- Improvements and enhancements:
- * Digest Auth: changed algorithm identifiers in server generated
- headers from "md5" / "sha-256" to "MD5" / "SHA-256" to better match
- RFC (while clients should use caseless matching).
- * Improved Base64 decoding by new implementation with robust input
- data validation checks.
- * Improved configure for cross-compiling, for better compatibility
- with POSIX and for better compatibility with the latest compiler
- versions.
- * New internal tests: for Base64 decoding, Basic Auth and folded
- headers.
- * Supported new libcurl API in tests to mute deprecation warnings.
- * Supported ARM and ARM64 for VC compilers.
- Functionality changes:
- * any negative number returned by response data generation callback
- function is treated as an error. Previously negative values except
- predefined error codes could produce undefined behaviour.
- * Added handling of "DEBUG" preprocessor macro as an alias of "_DEBUG".
- Fixes:
- # Fixed functionality with blocking sockets.
- # Fixed very inefficient data pumping for upgraded TLS connections.
- # Fixed processing of folded headers in the requests.
- # Fixed data races when closing upgraded connection.
- # Removed duplication of "Connection: upgrade" header.
- # Digest auth: fixed thread sync to avoid "stale hash" results.
- # Fixed harmless unwanted extra data processing resulting in triggering
- of the assert.
- # Fixed tests for LTO.
- # Removed removed non-portable functions in examples.
- # Fixed delayed call of connection notification callback in
- thread-per-connection mode.
- # Fixed Address Sanitizer unpoison of memory when memory pool is
- destroyed. This fixed periodic ASAN error when used for a long time
- with the sanitizer.
- # Fixed compiler warnings in library code, examples, tests and configure
- checks.
- # New TLS certificates for test-suite: all with SAN fields and SHA-256
- hash.
- # Tests: fixed tests on Darwin 22.x (Ventura).
- # Tests: redesigned one tests group to avoid stress-testing of the OS.
- -- Evgeny Grin (Karlson2k)
- Sun 26 Feb 2023 17:49:30 CET
- Released GNU libmicrohttpd 0.9.76 hotfix. -CG
- This is a hotfix release.
- This only change since previous release is fixed potential DoS vector
- in MHD_PostProcessor discovered by Gynvael Coldwind and Dejan
- Alvadzijevic (CVE-2023-27371).
- While the researchers have not been able to exploit this attack vector
- when libmicrohttpd is compiled with the standard GNU C library, it is
- recommended that you update MHD as soon as possible if your
- applications are using (optional) MHD_PostProcessor functionality.
- -- Evgeny Grin (Karlson2k)
- Sun 26 Dec 2021 20:30:00 MSK
- Released GNU libmicrohttpd 0.9.75 -EG
- This is a correction release.
- The main improvement is the implementation of workaround for some
- OSes (like OpenBSD 7) where "monotonic" clock may jump back. Now
- MHD is able to automatically detect such situation and recover if
- the jump is small. This workaround is needed with increased
- accuracy of connection timeout introduced in previous version, as
- with lower accuracy (v0.9.73 and before) these jumpbacks were
- unnoticeable.
- Other changes: fixed some compiler, Makefile, and configure
- warnings on specific platforms; one test further improved.
- -- Evgeny Grin (Karlson2k)
- Sun 19 Dec 2021 18:30:00 MSK
- Released GNU libmicrohttpd 0.9.74
- This release brings a lot of fixes and improvements, and
- important new features.
- The most significant addition is the new experimental
- implementation of WebSockets contributed by David Gausmann. This
- implementation is not fully tested yet so currently it is disabled
- by default.
- Other changes include a lot of improvements and clarifications
- in doxy comments in microhttpd.h header file, improved compliance
- with the RFC HTTP specifications, the new implementation of reply
- header forming, the new implementation of request chunked encoding
- parsing, new automatic error replies, internal optimisations, and
- many important fixes, including fixes for long-standing bugs.
- More detailed list of notable changes:
- API changes:
- + Added new function MHD_get_reason_phrase_len_for().
- + Added MHD_CONNECTION_INFO_HTTP_STATUS type of information
- queried by MHD_get_connection_info().
- + Added new response flag MHD_RF_SEND_KEEP_ALIVE_HEADER to force
- sending of "keep-alive" header even if not required by RFC.
- + Added new response creation function
- MHD_create_response_from_buffer_with_free_callback_cls() with
- custom cleanup callback.
- + Added new response flag MHD_RF_HTTP_1_0_COMPATIBLE_STRICT with
- the same functionality as existing MHD_RF_HTTP_VERSION_1_0_ONLY
- flag. The old flag will be deprecated.
- + Added new response flag MHD_RF_HTTP_1_0_SERVER with the same
- functionality as existing MHD_RF_HTTP_VERSION_1_0_RESPONSE flag.
- The old flag will be deprecated.
- New features:
- + Added experimental WebSockets extension with separate header.
- Disabled by default as it is not fully tested yet.
- + Added '--enable-sanitizers[=address,undefined,leak,user-poison]'
- configure parameter (instead of '--enable-sanitizer'),
- implemented custom memory poisoning for memory pools.
- Improvements and enhancements:
- * Doxy function descriptions was corrected, clarified, extended,
- and improved. Now it should be much easier to learn MHD just by
- reading the headers.
- * Completely rewritten reply header forming. New implementation is
- more robust, simpler maintainable and expandable, and better
- follows RFC HTTP specifications.
- * Performance improvements: now HTTP version and request method are
- decoded one time only (previously MHD used string comparison many
- times during processing the data).
- * Rewritten request chunked payload decoding. The new
- implementation better conforms to the HTTP RFC, detects format
- problems earlier, replies to the clients with description of
- detected problems, handles untypical (but syntactically correct)
- values properly.
- * Added special replies for wrong/unsupported HTTP versions in
- requests, broken HTTP chunked encoding in requests,
- * As required by HTTP RFC, added automatic error replies if client
- used broken chunked encoding, too large chunk size, too large
- payload size, or broken Content-Length header.
- * Optimized connection's memory pool handling.
- * Changed timeout precision from one second to one millisecond.
- * Added some checks for incorrect user data, reporting problems in
- MHD log.
- * Improved performance of hash calculations functions by using
- compiler built-ins (if available).
- * Implemented SHA-1 calculations (required for WebSockets).
- * Added universal MSVC project that works with any (sufficiently
- new) version of MSVC.
- * Developed simple HTTP client to test MHD under very special
- conditions.
- * Implemented 45 new tests.
- * Improved existing tests to test more aspects of MHD.
- * Added check for correct results of system and libcurl functions.
- * Response headers are checked during forming of responses.
- * HTTPS tests were improved.
- * Added rebuild on W32 of all required files if files are missing.
- * Many internal optimisations and improvements.
- Functionality changes:
- * Keep-alive header is omitted by default for HTTP/1.1 connections.
- Use of header can be enforced by response flag.
- * Chunked encoding is used for HTTP/1.1 non-keep-alive connections
- for responses with unknown size. Previously MHD used "indication
- of the end of the response by closing connection" in such cases,
- however it is not correct for HTTP/1.1 connections as per HTTP
- RFC.
- * As required by HTTP RFC, use HTTP/1.1 version instead of HTTP/1.0
- in reply headers when client is HTTP/1.0 . HTTP/1.0 version can
- be enforced by response flag.
- * User response headers are used in replies in the same order as
- was added by application.
- * Allowed tab characters in response header values.
- * All custom "Connection:" response headers are automatically
- combined into single "Connection:" header.
- * "keep-alive" token silently dropped from custom "Connection:"
- response header. "Keep-alive" cannot be enforced and used
- automatically if possible.
- * Allow tab character in custom response header value.
- * Disallow space character in custom response header value.
- * Do not allow responses with 1xx codes for HTTP/1.0 requests.
- * Detected and reported incorrect "Upgrade" responses.
- * W32 targets are changed to Vista+ by default. XP is supported
- still.
- Fixes:
- # Fixed short busy-waiting (up to one second) when connection is
- going to be expired and closed.
- # Fixed handling of errors during start of new connection, fixed
- inability to accept new connections in thread-per-connection mode
- due to the missing decrement of number of daemon's connections if
- start of new thread is failed.
- # Fixed incorrect parsing of LFLF, LFCR, CRCR, and bare CR as
- single linefeed in request header and request chunked payload.
- Now only CRLF or bare LF are recognized as linefeed.
- # Fixed response chunked encoding handling. Now it works properly
- with non-keep-alive connection, with fixed size replies (if
- chunked was enforced by header), and in other situations.
- # Other fixes for chunked replies.
- # Fixed handling of custom connection timeout in thread-per-
- connection mode.
- # Fixed wrongly used MHD_REQUEST_TERMINATED_COMPLETED_OK code for
- application notification when MHD_REQUEST_TERMINATED_WITH_ERROR
- code must be used.
- # Fixed code MHD_REQUEST_TERMINATED_READ_ERROR not reported (code
- MHD_REQUEST_TERMINATED_WITH_ERROR was incorrectly used instead).
- # Fixed handling of request chunked encoding with untypical
- formatting.
- # Fixed processing of last part of hex-encoded values under
- certain conditions.
- # Fixed value returned for MHD_CONNECTION_INFO_REQUEST_HEADER_SIZE.
- # Fixed returned value for MHD_FEATURE_AUTOSUPPRESS_SIGPIPE on W32,
- now it is MHD_YES as W32 does not need SIGPIPE suppression.
- # Fixed portability of bitwise NOT for enums values.
- # Fixed SHA-256 and MD5 calculations with unaligned data.
- # Fixed incorrect caseless matching for HTTP version.
- # Fixed incorrect caseless matching for request method.
- # Fixed compatibility with old GnuTLS versions.
- # Fixed compiler warnings on 32-bits platforms.
- # Fixed blocking sockets setting in tests and examples for W32.
- # Fixed examples to really use libmagic if present.
- # HTTPS tests were fixed.
- # Fixed libcurl test with case-insensitive match for HTTP methods,
- method names must use case-sensitive match.
- # Fixed tests compatibility with old libcurl versions.
- # Fixed build on W32 with llvm-dlltool (this tool is too
- oversimplified)
- -- Evgeny Grin (Karlson2k)
- Sun 25 Apr 2021 14:00:00 MSK
- Released GNU libmicrohttpd 0.9.73
- This release brings new features, improvements, and a few fixes.
- The most important addition is the new function for vector-backed
- responses, based on the patch contributed by NASA engineers.
- Other changes include compatibility with autoconf 2.70+, improved
- testsuite compatibility with CI systems, fixed and improved MSVC
- builds, and implementation of ALPN support.
- More detailed list of notable changes:
- API changes:
- + Added new function MHD_create_response_from_iovec(), based on the
- patch provided by Lawrence Sebald and Damon N. Earp from NASA.
- + Added MHD_OPTION_SIGPIPE_HANDLED_BY_APP daemon option.
- + Added new function MHD_run_wait().
- + Added MHD_OPTION_TLS_NO_ALPN to disable usage of ALPN even if
- it is supported by TLS library.
- New features:
- + Added '--enable-heavy-tests' configure parameter (disabled by
- default).
- + Implemented support for ALPN.
- Improvements and enhancements:
- * Return timeout of zero also for connections awaiting cleanup.
- * Compatibility with autoconf >=2.70, used new autoconf features.
- * Warn user when custom logger option is not the first option.
- * Added information to the header about minimal MHD version when
- particular symbols were introduced.
- * Updated test certificates to be compatible with modern browsers.
- * Added on-fly detection of UNIX domain sockets and pipes, MHD does
- not try to use TCP/IP-specific socket options on them.
- * Report more detailed error description in the MHD log for send
- and receive errors.
- * Enabled bind port autodetection for MSVC builds.
- Fixes:
- # Fix PostProcessor to always properly stop iteration when
- application callback tells it to do so.
- # Fixed MD5 digest authorization broken when compiled without
- variable length arrays support (notably with MSVC).
- # Fixed detection of type of send errors on W32.
- -- Evgeny Grin (Karlson2k)
- Mon 28 Dec 2020 21:36:00 MSK
- Released GNU libmicrohttpd 0.9.72
- This release is mostly a bugfix release, with greatly improved
- compatibility with various OSes/kernels, including FreeBSD, Windows,
- OpenBSD, NetBSD, Darwin (macOS), Solaris. Performance is improved,
- especially with HTTPS connections and stay-alive HTTP connections.
- Notable changes since version 0.9.71:
- API changes:
- + New function MHD_create_response_from_pipe()
- Improvements and enhancements:
- * Fully rewritten code for buffering/pushing from kernel network buffers
- for compatibility with various OSes. Reduced number of additional
- sys-calls, network is better utilized, responses are delivered faster.
- * Restored optimal sendfile() usage on FreeBSD.
- * MHD now takes care about SIGPIPE handling by blocking it in internal
- threads and avoiding functions (like sendfile()) that could generate
- SIGPIPE when blocking of this signal is not possible.
- Fixes:
- # Fixed crash in PostProcessor.
- # Fixed several resources leaks in corner cases.
- # Improved thread sync, thread safety and fixed one use-after-free under
- special conditions during stopping of daemon.
- # Updated HTTP status codes, header names and methods from the
- registries.
- # Fixed functioning without listen socket and with internal threads.
- # Fixed streaming of chunked responses for both HTTP and HTTPS.
- # Various compatibility fixes.
- -- Evgeny Grin (Karlson2k)
- Tue Jan 9 20:52:48 MST 2007
- Project posted.
|